[Cryptech Tech] Happier RSA timing numbers

Joachim Strömbergson joachim.strombergson at assured.se
Wed May 23 16:28:15 UTC 2018



Aloha!

Rob Austein wrote:
>> After this the big thing I can do is the streaming interface I've
>> been talking about.
> ...
> 
> Sounds cool, but not sure it helps for specific case of AES keywrap. 
> You might want to look at sw/libhal/aes_keywrap.c (or the equivalent 
> Python implementation in the unit tests) as well as RFC 5649.

I'm fairly certain I was doing that, see mail from yesterday:

"Looking at the code for aes_keywrap in:
https://trac.cryptech.is/browser/sw/libhal/aes_keywrap.c The inner
processing loop is at line number 199 (or 207)...."

> Basic problem I see is that the input to each ECB round in AES
> keywrap is a composite of two 64-bit fields, one of which is
> constructed by XORing a counter with 64 bits of the output of the
> previous round.  I see no obvious way to stream this.
> 
> One could of course use your streaming approach if the core were 
> performing the complete AES keywrap transform rather than just ECB.
> :)

Yes. And I think that might be the key here. I'll look a bit harder at
RFC 5649.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Assured AB
========================================================================


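The round dependency discussed in the message above, as an added example that is not part of the original mail and is not the code in sw/libhal/aes_keywrap.c: the RFC 3394 wrap loop (the base algorithm that RFC 5649 extends with padding) over a compact encrypt-only AES written here so the block runs without dependencies. All function names are assumptions made for this illustration.

```python
def _xt(a):  # multiply by x in GF(2^8), reduced by the AES polynomial 0x11B
    return ((a << 1) ^ 0x11B) & 0xFF if a & 0x80 else a << 1

def _sbox():  # derive the S-box instead of embedding 256 constants
    s, p, q = [0x63] * 256, 1, 1
    while True:
        p ^= _xt(p)  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF
        if q & 0x80: q ^= 0x09  # q /= 3, so q stays the inverse of p
        d = q | q << 8  # affine step: q xor its four left rotations, xor 0x63
        s[p] = ((d ^ d >> 4 ^ d >> 5 ^ d >> 6 ^ d >> 7) & 0xFF) ^ 0x63
        if p == 1: return s
S = _sbox()

def expand_key(key):  # AES key schedule as 4-byte words (128/192/256-bit keys)
    nk = len(key) // 4
    w, rc = [list(key[4*i:4*i+4]) for i in range(nk)], 1
    for i in range(nk, 4 * (nk + 7)):
        t = w[i-1]
        if i % nk == 0:
            t = [S[b] for b in t[1:] + t[:1]]
            t[0] ^= rc; rc = _xt(rc)
        elif nk > 6 and i % nk == 4:
            t = [S[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i-nk], t)])
    return w

def encrypt_block(w, block):  # one AES-ECB block encryption
    nr, s = len(w) // 4 - 1, bytes(block)
    for r in range(nr + 1):
        if r:
            s = [S[b] for b in s]  # SubBytes
            s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if 0 < r < nr:  # MixColumns
            s = [_xt(s[c+j]) ^ _xt(s[c+(j+1)%4]) ^ s[c+(j+1)%4] ^ s[c+(j+2)%4]
                 ^ s[c+(j+3)%4] for c in (0, 4, 8, 12) for j in range(4)]
        s = [a ^ b for a, b in zip(s, sum(w[4*r:4*r+4], []))]  # AddRoundKey
    return bytes(s)

def wrap(kek, plaintext, iv=bytes.fromhex("A6" * 8)):  # RFC 3394 section 2.2.1
    w, n = expand_key(kek), len(plaintext) // 8
    a, r = iv, [plaintext[8*i:8*i+8] for i in range(n)]
    for j in range(6):
        for i in range(n):
            b = encrypt_block(w, a + r[i])  # ECB input is A | R[i]
            # Next input's first half is MSB64(b) xor the step counter t = n*j+i+1,
            # so it cannot be formed until this encryption has finished.
            a = (int.from_bytes(b[:8], "big") ^ (n*j + i + 1)).to_bytes(8, "big")
            r[i] = b[8:]
    return a + b"".join(r)
```

Every one of the 6n ECB calls consumes the upper half of the previous call's output, which is why a streaming ECB interface alone does not help unless the whole loop moves into the core.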
